Scaling-Up Urban Network Security Games with Graph Contraction

Hiroaki Iwashita, Kotaro Ohori, Hirokazu Anai
Fujitsu Laboratories Ltd., Kawasaki 211-8588, Japan
{iwashita.hiroak,ohori.kotaro,anai}@jp.fujitsu.com

Abstract

Urban network security games, which model attackers and defenders on road networks, provide a promising framework for planning effective patrolling and inspection strategies. This paper focuses on improving the scalability of the algorithms that solve them, which is one of the important challenges in security game problems. State-of-the-art solvers have been scaled up to handle real-world networks with tens of thousands of edges; however, it can take days or more to solve them when we vary the problem settings of sources, targets, and security resources. This paper provides a novel method, MiCANS, that improves the scalability drastically. It has two features: (1) the strategy spaces of both players are reduced dramatically through edge contraction, by identifying the edges that are not essential for the defender's optimal strategy with a technique that we call "min-cut arrangement"; and (2) the reduced problem is solved efficiently with a mixed-integer quadratic programming oracle. Although sufficient theoretical analysis has not yet been made, experimental results show that it finds optimal solutions in most cases and achieves several orders of magnitude speedup compared to the existing algorithms.

1 Introduction

Effective safety policies are required to prevent terrorism and drug dealing as the security situation around the world deteriorates. However, not all possible security checkpoints can be covered at every moment because security resources are limited. In recent years, game-theoretic approaches have been applied to plan effective resource allocation strategies for patrolling and inspection.
Security games modeled on a Stackelberg game [Von Stackelberg, 1934] have found various applications in real-world domains, for example, LA International Airport [Pita et al., 2008], the US Federal Air Marshals Service [Tsai et al., 2009], and the US Coast Guard [Shieh et al., 2012; Fang et al., 2013]. One important game type is the security game for urban networks, which models an attacker and a defender who make decisions on a network consisting of nodes and edges. The defender's strategies represent the allocations of its limited resources to edges of the network, while the attacker's strategies are paths from any source node to any target node.

This paper focuses on improving the scalability of the algorithms for solving urban network security problems, which is one of the important challenges in security games [Tambe et al., 2014]. The strategy spaces for both the defender and the attacker increase exponentially with the number of security resources and the size of the network, respectively. There have been remarkable studies on scaling up to realistic problem sizes in urban network security games. [Tsai et al., 2010] provided RANGER, which obtains an approximate solution for the defender by operating on the marginal probabilities of edges rather than solving for a distribution over allocations. [Jain et al., 2011] presented RUGGED, based on a double-oracle approach [McMahan et al., 2003], which does not need to enumerate all the pure strategies of either the attacker or the defender. Although the algorithm can obtain a global equilibrium strategy by computing the best responses iteratively, its ability to scale up to large networks is limited because a large number of iterations is required for the strategy to converge. To improve the scalability, [Jain et al., 2013] introduced SNARES, which can obtain optimal strategies for the Mumbai road network comprising 9,503 nodes and 20,416 edges.

However, the algorithms from this previous research cannot always be applied unconditionally to real-world urban road networks. The runtime required by an algorithm in security games varies significantly depending on the number of targets and resources [Jain et al., 2012]. In our experiment with the SNARES algorithm, a larger number of targets and resources resulted in an extraordinarily long computing time to obtain an optimal solution. Moreover, experiments that varied only the placement of sources and targets showed widely different runtimes from run to run.

This paper provides a novel method, MiCANS (Min-Cut Arrangement for Network Security), that improves the scalability drastically and yields relatively robust results even when the placements of resources and targets vary. MiCANS has the following two features: (1) the strategy spaces of both players are reduced dramatically through edge contraction by identifying the edges that are not essential for
the defender's optimal strategy, based on the technique that we call min-cut arrangement; and (2) the reduced problem is solved efficiently with a mixed-integer quadratic programming oracle. The solutions obtained with the method yield approximately the same values as the optimal ones obtained with SNARES. The method also shows orders of magnitude speedups compared to SNARES, and so can be applied to various types of realistic problems.

2 Urban Network Security Problem

2.1 Problem Definition

The urban network security game [Tsai et al., 2010] is a zero-sum game with two players: a defender and an attacker. The network security game is modeled using a graph $G = (V, E)$ describing a road network, a set of source nodes $S \subseteq V$, a set of target nodes $T \subseteq V$, a payoff $U(t) > 0$ for each target $t \in T$, and the number of defender resources $k$. The defender allocates up to $k$ defender resources to any $k$ of the $|E|$ edges. The attacker moves along a path on the edges of $G$, starting at any one of the source nodes $s \in S$ and ending at any one of the targets $t \in T$. The attacker fails if a defender resource is on its path to the target $t$; otherwise the attacker gains $U(t)$ for a successful attack on target $t$. Conversely, the defender gets $-U(t)$, which we call damage, if the attacker successfully attacks $t$.

The objective of the security game is to find an optimal mixed strategy for the defender, which means the most effective allocation plan of the defender resources, in terms of minimizing the maximum expected damage. Since this is a zero-sum game, its optimal solution is a Nash equilibrium as well as a strong Stackelberg equilibrium [Yin et al., 2010].

We note that an attacker is able to start from any source, so the attacker gains nothing by choosing a path that passes through other sources. Therefore, in a network security game with multiple sources, contracting the associated graph $G$ by merging the multiple sources into a single source does not change its optimal solution.
In the same way, the targets with the same payoff can be contracted.

Let $D$ be the set of all defender allocations and $A$ be the set of all attacker paths. We denote the defender's mixed strategy by $x : D \to [0,1]$ and the expectation of the damage by $z$. The attacker's path $a \in A$ gets $U(a)$ if the attack succeeds. The probability that the attacker's path $a$ succeeds against defender allocation $d$ is denoted by $P(d, a) \in \{0, 1\}$. Then the network security game can be formulated as a minimax linear programming problem described by the following formulas:

$$\min_{x,z} \; z \tag{1}$$
$$z \ge U(a) \sum_{d \in D} \bigl( P(d,a)\, x(d) \bigr), \quad \forall a \in A \tag{2}$$
$$\sum_{d \in D} x(d) = 1 \tag{3}$$
$$0 \le x(d) \le 1, \quad \forall d \in D. \tag{4}$$

By solving formulas (1)-(4), we obtain an optimal mixed strategy for the defender and the expectation of the damage under it. Moreover, the solution of the dual problem provides an optimal mixed strategy for the attacker, $y : A \to [0, 1]$. This basic formulation, however, cannot be applied directly to real-world problems since $D$ and $A$ increase exponentially with the problem size.

2.2 Min-Cut Method

It is obvious that a defender can defend completely by allocating resources to all cut edges if the size of a cut separating sources and targets (i.e., the total number of cut edges) is not larger than the number $k$ of resources. It is shown in [Washburn and Wood, 1995] that, if there is only one target (or all targets have the same value), the defender's optimal strategy is to allocate resources to $k$ cut edges chosen at random from a min-cut, even when the size of the cut is larger than $k$. This method reduces a problem whose complexity is exponential in the size of the given graph $G$ to one of polynomial time complexity. However, a single min-cut that separates the sources from the targets does not always provide an optimal solution when the targets' values are not uniform.

2.3 Double-Oracle Method

As state-of-the-art algorithms to solve general urban network security games, RUGGED [Jain et al., 2011] and SNARES [Jain et al., 2013], both based on double-oracle methods, have been proposed.
RUGGED solves the minimax problem given in formulas (1)-(4) with a double-oracle method [McMahan et al., 2003], which corresponds to constraint and column generation for linear programming problems, in order to avoid enumerating all defender allocations $D$ and all attacker paths $A$. The double-oracle method reaches an optimal solution asymptotically by adding the best response strategy against an equilibrium strategy to the game instead of finding an optimal mixed strategy after enumerating all pure strategies. The outline of the double-oracle method in RUGGED is shown in Algorithm 1. The best responses of both players in lines 5 and 6 are computed by solving mixed-integer linear programming problems. We note that these modules take a long computation time within the whole RUGGED procedure.

    Algorithm 1: Double-oracle method
    1 Initialize D by arbitrary defender allocations
    2 Initialize A by arbitrary attacker paths
    3 repeat
    4   Solve the minimax LP problem of equations (1)-(4), and let x and y be
        the mixed strategies of the defender and the attacker over D and A respectively
    5   Find the defender's best response to y and add it to D
    6   Find the attacker's best response to x and add it to A
    7 until convergence
    8 return x

In SNARES, Algorithm 1 has been improved by adding the following two features. (1) On computing optimal responses for both players, SNARES first tries to find better responses
quickly with greedy heuristics; if that fails, it then uses a mixed-integer linear programming solver. (2) A method called mincut-fanout is used to improve the initial values of $D$ and $A$. Mincut-fanout first constructs a min-cut which separates the target with the highest value from the sources; it then initializes $D$ with defender allocations such that each allocation covers $k$ edges of the min-cut, and $A$ with the attacker's best responses to them.

3 MiCANS Algorithm

In this section, we present MiCANS, a novel method to deal with massive network security games. Figure 1 illustrates an overview of MiCANS. It includes an algorithm, which we call min-cut arrangement, to generate a reduced game incrementally from the original massive game. MiCANS also provides an oracle-based efficient solution to the reduced game.

Figure 1: Overview of MiCANS

3.1 Min-Cut Arrangement

When we investigate optimal strategies of the defender, we often find that many of the graph edges are never used for defender allocations. If those edges can be determined in advance, we have great potential for reducing the problem. Leaving the discussion of how to reduce the problem until the next subsection, here we introduce an algorithm to pick out good candidate edges for defender allocations.

The min-cut method for one-target problems [Washburn and Wood, 1995] and the mincut-fanout method in SNARES [Jain et al., 2013] imply that min-cuts between sources and targets are the key to finding them. A min-cut separating multiple targets from the sources gives the best set of edges for uniformly enhancing the security of those targets. Min-cut arrangement combines a plurality of such min-cuts to construct a set of candidate edges.

The outline of MiCANS is shown in Algorithm 2, where $E'$ is the current set of candidate edges and $x$ is the current mixed strategy of the defender. The initial values of $E'$ and $x$ are empty, meaning that defender resources are not allocated on any edge.
A critical target is one that will suffer the highest expectation of the damage (the product of its value and the success probability of the attacker's path to it) under $x$. In each iteration, candidate edges are added in such a way that the protection of all critical targets can be reinforced uniformly. This is repeated until no new candidate edges are added. Although it is not proven that the algorithm always finds sufficient candidate edges for an optimal solution, we have experimentally confirmed that they would be enough for practical use.

    Algorithm 2: MiCANS
    1 Let S be the set of source nodes
    2 Initialize E' and x to be empty
    3 repeat
    4   Let T' be the set of all critical targets under x
    5   Add min-cut edges between S and T' to E'
    6   Update x by solving the security game under the constraint that
        only the edges in E' can be used
    7 until convergence
    8 return x

3.2 Security Games under Edge Restriction

Supposing that the defender has selected a subset $E' \subseteq E$ of edges in the original graph $G = (V,E)$ as the set of candidate edges, we can reduce the strategy space of the attacker as well as that of the defender. Since the defender allocates resources only on candidate edges, the attacker can move freely through all other edges without any risk; neither player needs to take the attacker's individual paths on those free edges into account when optimizing its strategy. Therefore, edge contraction of every $e \in E \setminus E'$, which leaves a graph composed only of candidate edges, reduces the problem safely.

Contraction of many edges can lead to many occurrences of multiple edges, which are two or more edges that are incident to the same two vertices. An optimal strategy of the defender should use those edges uniformly since they are topologically equivalent. We do not need to distinguish the members of a set of multiple edges, and they can be simplified to a single edge with a capacity that represents the number of original edges.
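
The contraction step described above, written out as an added example (not the authors' implementation): every non-candidate edge is contracted with a union-find structure, the sources are merged into one node as Section 2.1 allows, and parallel candidate edges are counted into a capacity. The graph, the edge names and the choice to drop candidate edges that become self-loops are assumptions of this sketch.

```python
from collections import Counter


class DisjointSet:
    """Union-find over hashable node labels."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def contract_non_candidates(edges, candidates, sources):
    """Contract every edge outside `candidates` (E') and merge all sources.

    edges:      dict edge_id -> (u, v), undirected road segments
    candidates: set of edge ids the defender may place resources on
    sources:    set of source nodes
    Returns (node_map, capacity, loops):
      node_map  original node -> super-node label (smallest member name)
      capacity  sorted super-node pair -> number of parallel candidate edges
      loops     candidate edges whose endpoints ended up in one super-node
    """
    ds = DisjointSet()
    for u, v in edges.values():
        ds.find(u)
        ds.find(v)
    ordered_sources = sorted(sources)
    for s in ordered_sources[1:]:
        ds.union(ordered_sources[0], s)
    for eid, (u, v) in edges.items():
        if eid not in candidates:
            ds.union(u, v)  # free edge: the attacker crosses it without risk

    groups = {}
    for node in list(ds.parent):
        groups.setdefault(ds.find(node), []).append(node)
    node_map = {n: min(group) for group in groups.values() for n in group}

    capacity = Counter()
    loops = []
    for eid in sorted(candidates):
        a, b = (node_map[n] for n in edges[eid])
        if a == b:
            # Assumption of this sketch: the edge can be bypassed over free
            # edges, so a resource placed on it never stops an attacker.
            loops.append(eid)
        else:
            capacity[tuple(sorted((a, b)))] += 1
    return node_map, dict(capacity), loops


# Constructed sample network (not from the paper).
EDGES = {
    "e1": ("s1", "a"), "e2": ("s1", "b"), "e3": ("s2", "b"),
    "e4": ("a", "c"), "e5": ("b", "c"), "e6": ("b", "d"),
    "e7": ("c", "d"), "e8": ("c", "t1"), "e9": ("d", "t2"),
    "e10": ("a", "b"),
}
CANDIDATES = {"e4", "e5", "e6", "e9", "e10"}
SOURCES = {"s1", "s2"}

if __name__ == "__main__":
    node_map, capacity, loops = contract_non_candidates(EDGES, CANDIDATES, SOURCES)
    print("super-nodes:", sorted(set(node_map.values())))
    print("capacities:", capacity)
    print("dropped self-loops:", loops)
```

Ten edges over eight nodes collapse to two weighted edges over three super-nodes, which is the kind of reduction the paper reports at much larger scale.
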
For each pair of nodes connected by $n$ edges, we merge them into a single edge $e$ with capacity $C_e = n$. In the end, the original graph $G = (V,E)$ is reduced to a smaller weighted graph $\hat{G} = (\hat{V}, \hat{E})$, in which each edge $e \in \hat{E}$ has a positive integer capacity $C_e$.

Now let $d_e \in \{0, \ldots, C_e\}$ denote the number of resources on edge $e$ in defender allocation $d$. When the defender and the attacker play $d$ and $a$ respectively on $\hat{G}$, the attack succeeds with probability $\prod_{e \in a} (1 - d_e / C_e)$. Therefore, this game is formulated as follows:

$$\min_{x,z} \; z \tag{5}$$
$$z \ge U(a) \sum_{d \in D} \Bigl( \prod_{e \in a} \Bigl( 1 - \frac{d_e}{C_e} \Bigr) \Bigr) x(d), \quad \forall a \in A \tag{6}$$
$$\sum_{d \in D} x(d) = 1 \tag{7}$$
$$0 \le x(d) \le 1, \quad \forall d \in D; \tag{8}$$

where $D$ and $A$ are all defender allocations and all attacker paths on $\hat{G}$ respectively, $x : D \to [0,1]$ is the defender's mixed strategy, $z$ is the expectation of the damage, and $U(a)$ is the amount of damage when attacker path $a \in A$ succeeds.

3.3 A Small Example

We demonstrate an execution example of the MiCANS algorithm using a small graph illustrated in Figure 2(a), where $s$ is a
source node, $t_1$ is a target node with a value of 1, and $t_2$ is another target node with a value of 2. Let us suppose that two resources can be used by the defender. The critical target at the first step is $t_2$, and a min-cut between $s$ and $t_2$, namely $c_1$, is computed. Now, the candidate edges are the two edges crossing $c_1$. The weighted graph of the first step is shown in Figure 2(b), which leads to the first solution that completely guards $t_2$ by placing the two resources on the single edge. At the second step, the critical target changes to $t_1$ and the weighted graph is updated as in Figure 2(c). As the optimal mixed strategy for the defender balances the expected damage of attacks on $t_1$ and $t_2$ to 2/3, both targets become critical at the third step. There are multiple options for min-cuts, such as $c_3$, $c_3'$ and $c_3''$, in this step; taking $c_3$ gives the weighted graph in Figure 2(d) and the others give the one in Figure 2(e). We can get an optimal solution whose expected damage is 1/2 from either graph, even though they are topologically different.

Figure 2: An execution example. Panels: (a) Original graph; (b) Step 1; (c) Step 2; (d) Step 3; (e) Step 3.

3.4 Further Reduction of the Strategy Space

Let $D_e = \{0, \ldots, C_e\}$ and $D_e' = D_e \setminus \{0, C_e\}$. We say that edge $e$ is partially blocked by defender allocation $d$ when $d_e \in D_e'$. The following theorem allows us to restrict the defender's strategy space to only the defender allocations that do not partially block two or more edges.

Theorem 1. At least one optimal mixed strategy for the defender includes no defender allocation by which two or more edges are partially blocked.

Proof. Let us assume that defender allocation $d$ partially blocks edges $i$ and $j$. Let $d'$ and $d''$ be defender allocations such that

$$d'_e = \begin{cases} d_i - \delta_i & \text{if } e = i, \\ d_j + \delta_i & \text{if } e = j, \\ d_e & \text{otherwise;} \end{cases} \qquad d''_e = \begin{cases} d_i + \delta_j & \text{if } e = i, \\ d_j - \delta_j & \text{if } e = j, \\ d_e & \text{otherwise;} \end{cases}$$

where $\delta_i$ and $\delta_j$ are set to the largest acceptable value: $\delta_i = \min(d_i, C_j - d_j)$ and $\delta_j = \min(d_j, C_i - d_i)$. Note that at most one of edges $i$ and $j$ is partially blocked by $d'$ and by $d''$.
We replace $d$ at probability $p$ in any mixed strategy with $d'$ and $d''$ at probabilities $\frac{\delta_j}{\delta_i + \delta_j} p$ and $\frac{\delta_i}{\delta_i + \delta_j} p$ respectively. It can be shown by comparing the probabilities of successful attacks that this replacement never makes the strategy worse. By repeating it, we can safely eliminate all the defender allocations that partially block two or more edges from any optimal mixed strategy.

On the other hand, the attacker's strategy space can be reduced by excluding paths that pass over some target that is more valuable than their destination.

3.5 Efficient Solution with MIQP Oracle

The attacker's strategy space becomes small enough on the reduced weighted graphs, while the defender's strategy space tends to remain rather large even when the restriction in Section 3.4 is applied. Algorithm 3 summarizes the procedure to solve the security game in MiCANS, where we use a single oracle for the defender's best response.

    Algorithm 3: Single-oracle method in MiCANS
    1 Initialize D by an arbitrary defender allocation
    2 Initialize A by all attacker paths
    3 repeat
    4   Solve the minimax LP problem of equations (5)-(8), and let x and y be
        the mixed strategies of the defender and the attacker over D and A respectively
    5   Find the defender's best response to y and add it to D
    6 until convergence
    7 return x

The oracle finds one of the best defender allocations $d$ under the attacker's mixed strategy $y$. It is formulated as a mixed-integer nonlinear programming (MINLP) problem:

$$\min_{d} \; \sum_{a \in A} \Bigl( U(a)\, y(a) \prod_{e \in a} \Bigl( 1 - \frac{d_e}{C_e} \Bigr) \Bigr) \tag{9}$$
$$\sum_{e \in \hat{E}} d_e \le k \tag{10}$$
$$d_e \in D_e, \quad \forall e \in \hat{E}. \tag{11}$$

Unfortunately, the above MINLP cannot be accepted directly by many generic optimization solvers. We transform it into a mixed-integer quadratic programming (MIQP) problem using the restriction on $d$ introduced in Section 3.4. Let $\lambda(e,r)$ be a binary variable representing whether the number of resources allocated on edge $e$ is $r$, that is, $d_e = r$. From the restriction, no two $r \in D_e'$ satisfy $\lambda(e,r) = 1$ for all $e \in \hat{E}$.
It allows us to rewrite equations (9)-(11) as follows:

$$\min_{\lambda,\omega} \; \sum_{a \in A} U(a)\, y(a) \Bigl( 1 - \sum_{e \in a} \sum_{r \in D_e'} \frac{r\, \lambda(e,r)}{C_e} \Bigr) \bigl( 1 - \omega(a) \bigr) \tag{12}$$
$$\sum_{e \in \hat{E}} \sum_{r \in D_e} r\, \lambda(e,r) \le k \tag{13}$$
$$\sum_{e \in \hat{E}} \sum_{r \in D_e'} \lambda(e,r) \le 1 \tag{14}$$
$$\sum_{r \in D_e} \lambda(e,r) \le 1, \quad \forall e \in \hat{E} \tag{15}$$
$$\omega(a) \le \sum_{e \in a} \lambda(e, C_e), \quad \forall a \in A \tag{16}$$
$$\lambda(e,r) \in \{0,1\}, \quad \forall e \in \hat{E},\ r \in D_e \tag{17}$$
$$\omega(a) \in [0,1], \quad \forall a \in A. \tag{18}$$
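
The defender oracle of equations (9)-(11), evaluated by brute force on a small reduced graph to show that restricting the search to allocations with at most one partially blocked edge (Section 3.4) leaves the best-response value unchanged. This is an added example, not the authors' implementation, which hands the MIQP to a solver; the edge names, capacities, paths, payoffs and the attacker strategy `Y` are constructed for illustration.

```python
from fractions import Fraction
from itertools import product


def success_probability(path_edges, alloc, cap):
    """Product over e in a of (1 - d_e / C_e): the attack is not intercepted."""
    p = Fraction(1)
    for e in path_edges:
        p *= 1 - Fraction(alloc[e], cap[e])
    return p


def expected_damage(alloc, cap, paths, y):
    """Objective (9): sum over paths of U(a) * y(a) * success probability."""
    return sum(u * y[name] * success_probability(edges, alloc, cap)
               for name, (edges, u) in paths.items())


def allocations(cap, k, max_partial=None):
    """Yield every d with d_e in {0..C_e} and sum(d_e) <= k, as in (10)-(11).

    max_partial=1 keeps only the allocations Theorem 1 allows, i.e. those
    with at most one edge e such that 0 < d_e < C_e.
    """
    names = sorted(cap)
    for counts in product(*(range(cap[e] + 1) for e in names)):
        if sum(counts) > k:
            continue
        partial = sum(1 for e, c in zip(names, counts) if 0 < c < cap[e])
        if max_partial is None or partial <= max_partial:
            yield dict(zip(names, counts))


def best_response(cap, k, paths, y, max_partial=None):
    """Brute-force defender oracle: (minimum expected damage, allocation)."""
    return min(((expected_damage(d, cap, paths, y), d)
                for d in allocations(cap, k, max_partial)),
               key=lambda pair: pair[0])


# Constructed reduced graph: capacities C_e, attacker paths with U(a), and y.
CAP = {"e1": 3, "e2": 2, "e3": 2}
PATHS = {
    "p1": (("e1",), 1),
    "p2": (("e1", "e2"), 2),
    "p3": (("e3", "e2"), 2),
}
Y = {"p1": Fraction(1, 2), "p2": Fraction(1, 4), "p3": Fraction(1, 4)}
K = 3

if __name__ == "__main__":
    full = best_response(CAP, K, PATHS, Y)
    restricted = best_response(CAP, K, PATHS, Y, max_partial=1)
    print("all allocations:       ", len(list(allocations(CAP, K))), full)
    print("Theorem 1 allocations: ", len(list(allocations(CAP, K, 1))), restricted)
```

Exact rational arithmetic is used so that the restricted and unrestricted optima can be compared for equality rather than within a tolerance.
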
Equation (13) says that the total number of allocated resources does not exceed $k$. Equations (14)-(15) correspond to the restriction introduced in Section 3.4. Equation (16) defines the relation between $\omega$ and $\lambda$; $\omega(a) = 1$ if attacker path $a$ is completely blocked by the defender at some edge $e \in a$, otherwise $\omega(a) = 0$.

4 Experimental Results

We have implemented the MiCANS and SNARES algorithms in Python with the NetworkX graph library [Schult and Swart, 2008] and the Gurobi mathematical programming solver. All experiments were performed on a machine with a 2.9GHz CPU and 10GB of memory. We used three types of network models:

1. Random road network models called GRE (Grid model with Random Edges) [Peng et al., 2014]. A GRE model is a planar connected graph made of an $l \times w$ square grid of nodes, in which horizontal/vertical edges between neighbors are controlled by probability $p$, and diagonal ones by $q$. It is reported that the value of $p$ spreads in [0.3, 0.9] and $q$ in [0.1, 0.7] in the models that best match the road networks of Europe. We fixed the sources to the $w$ nodes at the bottom end, while the target nodes are selected randomly.

2. Random geometric graphs, which also have been shown to mimic some properties of real road networks [Eppstein and Goodrich, 2008] and were used to evaluate algorithms in [Jain et al., 2013]. We distributed $n$ nodes uniformly at random in a unit square and connected every pair of nodes whose distance is not more than a given threshold $d$. Source and target nodes are selected randomly.

3. Real road network data of Mumbai, made of 21,132 nodes and 33,603 edges. We extracted it from a rectangular area of latitude 18.84 to 19.36 and longitude 72.75 to 73.16 of the Open Street Map [Haklay and Weber, 2008]. Source and target nodes are selected randomly.

4.1 Effectiveness of Graph Reduction

We generated 400 random instances of the GRE model, whose horizontal and vertical sizes are chosen randomly from {10,...,300}, $p$ from [0.3, 0.9], and $q$ from [0.1, 0.7].
Figure 3(a) presents the relation between the number of nodes and the number of edges of the final reduced graph made by min-cut arrangement. It confirms that every graph has a small edge/node ratio, which prevents an explosion of the number of attacker paths since most nodes have a degree of 1 or 2. The actual number of attacker paths enumerated on every reduced graph was less than 200 in these examples. The distribution of the original graph size versus the reduced one in Figure 3(b) shows that the size of the graphs has been reduced by several orders of magnitude. It should be further emphasized that no direct correlation was found between them. Figure 3(c) and Figure 3(d) show that the size of the reduced graph is strongly related to the number of targets but not to the number of sources. This is obvious when sufficient resources are available with respect to the targets.

Figure 3: Number of edges after reduction. Panels: (a) vs. nodes after reduction; (b) vs. edges before reduction; (c) vs. number of sources; (d) vs. number of targets.

4.2 Comparison with SNARES

We compared the performance of MiCANS with SNARES using the GRE models and random geometric graphs. For the GRE models, we experimented around the following central parameter values: $10 \times 10$ nodes, $(p, q) = (0.6, 0.4)$, 3 targets, and 3 resources. Figure 4 presents the results when varying (a) the number of nodes, (b) the edge probabilities, (c) the number of targets, and (d) the number of resources, from the central setting. Each experiment is repeated 10 times with different random seeds to examine the uncertainty of the runtime. The marks on the top margin indicate the number of runs of SNARES that did not finish within 1,000 seconds. All these results show that the execution time of SNARES varies extremely, while MiCANS is very robust and all its runs finish within a second.

Figure 4: Runtime for GRE models. Panels: (a) Varying number of nodes; (b) Varying edge probabilities; (c) Varying number of targets; (d) Varying number of resources.

Figure 5 presents results for random geometric graphs, where we selected central parameter values as 100 nodes,
$d = 0.2$, 3 sources, 3 targets, and 3 resources. We can find almost the same trends as in the GRE models.

Figure 5: Runtime for random geometric graphs. Panels: (a) Varying number of nodes; (b) Varying distance threshold; (c) Varying number of targets; (d) Varying number of resources.

A comparison of the numbers of inner iterations (the number of runs of minimax optimizations) in the algorithms is plotted in Figure 6. It also shows a significant reduction by MiCANS and no clear correlation of difficulty between the original problem and the reduced one.

Figure 6: Total number of inner iterations for GRE models

We have compared the expected payoff values for all 308 problems solved by both SNARES and MiCANS and confirmed that they are always the same; it follows that MiCANS has successfully found optimal solutions for those problems.

4.3 Scalability

We evaluated the scalability of MiCANS using more difficult problems, which our implementation of SNARES could not solve. Experiments are performed using 10 random instances for each parameter setting.

Figure 7 presents results for larger GRE models, where we selected central parameter values as $200 \times 200$ nodes, $(p,q) = (0.6, 0.4)$, 20 targets, and 20 resources. Note that the runtime is not log-scaled, showing that MiCANS is still stable for large problems. When the original graph size is very large (e.g. >100k nodes), the runtime was dominated by min-cut computation. Results were similar for large random geometric graphs.

Figure 7: Runtime for large GRE models. Panels: (a) Varying number of nodes; (b) Varying edge parameters; (c) Varying number of targets; (d) Varying number of resources.

Figure 8(a) presents the results for the Mumbai road network when varying the number of targets from 10 to 40 and fixing both sources and resources to 20. Figure 8(b) presents the results when varying the number of resources from 10 to 60 and fixing both sources and targets to 20.

Figure 8: Runtime for Mumbai road network. Panels: (a) Varying number of targets; (b) Varying number of resources.

Those problem settings are much harder than the ones in [Jain et al., 2013]. All results confirm that MiCANS is robust enough and shows gradual growth of the computational cost with respect to the size of the problems.

5 Conclusions

We have proposed MiCANS, a method that drastically improves the scalability of solvers for urban network security games. Min-cut arrangement effectively reduces the original graph to a very small one by abstracting out the edges that are not essential for the defender's optimal strategy. We have also presented a MIQP formulation of a defender oracle for efficient solution of the reduced game. Although MiCANS can actually find optimal solutions for realistic examples, it is still an unresolved issue for us to discover a strict method to check whether the set of candidate edges is sufficient for constructing an optimal solution.

References

[Eppstein and Goodrich, 2008] David Eppstein and Michael T Goodrich. Studying (non-planar) road networks through an algorithmic lens. In Proceedings of the 16th ACM SIGSPATIAL international conference on Advances in geographic information systems, page 16. ACM, 2008.

[Fang et al., 2013] Fei Fang, Albert Xin Jiang, and Milind Tambe. Optimal patrol strategy for protecting moving targets with multiple mobile resources. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 957-964, 2013.

[Haklay and Weber, 2008] Mordechai Haklay and Patrick Weber. Openstreetmap: User-generated street maps. Pervasive Computing, IEEE, 7(4):12-18, 2008.

[Jain et al., 2011] Manish Jain, Dmytro Korzhyk, Ondřej Vaněk, Vincent Conitzer, Michal Pěchouček, and Milind Tambe. A double oracle algorithm for zero-sum security games on graphs. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 327-334, 2011.

[Jain et al., 2012] Manish Jain, Kevin Leyton-Brown, and Milind Tambe. The deployment-to-saturation ratio in security games. In Conference on Artificial Intelligence (AAAI), pages 1362-1370, 2012.

[Jain et al., 2013] Manish Jain, Vincent Conitzer, and Milind Tambe. Security scheduling for real-world networks. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 215-222, 2013.

[McMahan et al., 2003] H Brendan McMahan, Geoffrey J Gordon, and Avrim Blum. Planning in the presence of cost functions controlled by an adversary. In International Conference on Machine Learning, pages 536-543, 2003.

[Peng et al., 2014] Wei Peng, Guohua Dong, Kun Yang, and Jinshu Su. A random road network model and its effects on topological characteristics of mobile delay-tolerant networks. IEEE Transactions on Mobile Computing, 13(12):2706-2718, 2014.

[Pita et al., 2008] James Pita, Manish Jain, Janusz Marecki, Fernando Ordóñez, Christopher Portway, Milind Tambe, Craig Western, Praveen Paruchuri, and Sarit Kraus. Deployed armor protection: the application of a game theoretic model for security at the los angeles international airport. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 125-132, 2008.

[Schult and Swart, 2008] Daniel A Schult and PJ Swart. Exploring network structure, dynamics, and function using networkx. In Proceedings of the 7th Python in Science Conferences (SciPy 2008), volume 2008, pages 11-16, 2008.

[Shieh et al., 2012] Eric Shieh, Bo An, Rong Yang, Milind Tambe, Craig Baldwin, Joseph DiRenzo, Ben Maule, and Garrett Meyer. Protect: A deployed game theoretic system to protect the ports of the united states. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 13-20, 2012.

[Tambe et al., 2014] Milind Tambe, Albert Xin Jiang, Bo An, and Manish Jain. Computational game theory for security: Progress and challenges. In AAAI Spring Symposium on Applied Computational Game Theory, 2014.

[Tsai et al., 2009] Jason Tsai, Shyamsunder Rathi, Christopher Kiekintveld, Fernando Ordonez, and Milind Tambe. Iris-a tool for strategic security allocation in transportation networks. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), 2009.

[Tsai et al., 2010] Jason Tsai, Zhengyu Yin, Jun-young Kwak, David Kempe, Christopher Kiekintveld, and Milind Tambe. Urban security: Game-theoretic resource allocation in networked physical domains. In Conference on Artificial Intelligence (AAAI), pages 881-886, 2010.

[Von Stackelberg, 1934] Heinrich Von Stackelberg. Marktform und Gleichgewicht. J. Springer, 1934.

[Washburn and Wood, 1995] Alan Washburn and Kevin Wood. Two-person zero-sum games for network interdiction. Operations Research, 43(2):243-251, 1995.

[Yin et al., 2010] Zhengyu Yin, Dmytro Korzhyk, Christopher Kiekintveld, Vincent Conitzer, and Milind Tambe. Stackelberg vs. nash in security games: Interchangeability, equivalence, and uniqueness. In International Conference on Autonomous Agents and Multiagent Systems (AAMAS), pages 1139-1146, 2010.